BitBTC bridge had an error in it that could have cost it a big loss, as it could have allowed an attacker to mint fake tokens on the bridge and swap them for real ones. The error was in a cross-chain bridge between BitBTC and the Ethereum layer-2 network. A user from the Twitter crypto community found this error with his eagle eye and saved BitBTC from the exploit.
In the custom cross-chain bridge, a user can send assets between Optimism’s network and BitAnt’s DeFi ecosystem. These assets are yield services, nonfungible tokens, NFTs, swaps, and the BitBTC token. In this cross-chain bridge, 1 million BitBTC tokens represent 1 Bitcoin.
Lee Bousfield, who is a tech lead Arbitruma, and a Twitter crypto community user, found this bug in the BitBTC bridge. On the 18th of October, in a Twitter post, Lee warned that the BitBTC Optimism bridge is trivially vulnerable. He tweeted that the team has ignored his messages, so he is going to publish the critical exploit here.
According to Lee, there was a bug in the BitBTC bridge that could have allowed the attacker to mint fake tokens and swap them as real ones. Because the Optimism L2 side of the bridge lets you withdraw any token, and the L1 bridge completely ignores what the L2 token was.
Lee believes that the attacker could deploy his token on the Optimism network, give himself all the supplies, and set that token to the real BitBTC L1 address. Lee also gave the plan to solve this bug as he said that it would take seven days to go through, during which the L1 bridge could be fixed through an upgrade.
On the 18th of October, Kevin Fichter, an Optimism developer confirmed that the bug was on BitBTC’s side of things. Fichter also suggested people use the standard bridge unless they know what they are doing.